132 matches found
Comersus Cart comersus_searchItem.asp curPage Parameter XSS
The version of Comersus Cart installed on the remote host fails to properly sanitize user input to the 'curPage' parameter of the 'comersussearchItem.asp' script. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed in a user's browser within the conte...
Comersus Cart 4.0/5.0 - 'Comersus_Search_Item.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13125/info Comersus Cart is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly validate user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
CVE-2005-1010
Cross-site scripting XSS vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username...
CVE-2005-1010
The CVE-2005-1010 vulnerability is a Cross-Site Scripting (XSS) flaw in Comersus Cart 6 that allows remote attackers to inject arbitrary HTML/JS via the Account Username field. Root cause: improper sanitization of user input in the Username field (as detailed in Nessus/NGD references). Impact: us...
Comersus Cart Detection
Binary data 2797.prm...
Comersus Cart Username Field HTML Injection
Binary data 2796.prm...
Comersus Cart Account Username Field XSS
According to its banner, the remote host is running a version of Comersus Cart that fails to properly sanitize user input to the 'Username' field. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected...
CVE-2004-1656
CRLF injection in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting via the redirecturl parameter, enabling modification of server HTML content. Root cause is CRLF handling in the redirecturl flow; vulnerable component is the redirecturl parameter processing...
CVE-2004-1656
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter...
[SA13964] Comersus Cart Multiple Vulnerabilities
TITLE: Comersus Cart Multiple Vulnerabilities SECUNIA ADVISORY ID: SA13964 VERIFY ADVISORY: http://secunia.com/advisories/13964/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Comersus Cart 6.x...
Comersus Cart 5.06.0 - Multiple Vulnerabilities
Comersus Cart 5.06.0 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12362/info Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after...
Comersus Default Install Script Admin Access
Binary data 2554.prm...
Comersus Cart 5.0/6.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/12362/info Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection...
bug report comersus Back Office Lite 6.0 and 6.0.1
Software: Comersus ASP Shopping Cart Version: 6.0 Free version containing BackOffice Lite 6.0 and 6.01 Vendor: Comersus 1. Software Description -------------------- Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing,...
ADVISORY: http response splitting hole in Comersus shopping cart
ADVISORY Author: Maestro me! Date: 01-SEP-04 Vendor: Comersus www.comersus.com Product: Comersus Shopping Cart 5.0991 Problem: Http response splitting web cache poisoning, xss, yadayadayada - http://www.packetstormsecurity.org/papers/general/whitepaperhttpresponse.pdf Exploit:...
CVE-2004-1656
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter...
Comersus Cart 5.0 - HTTP Response Splitting
Comersus Cart 5.0 - HTTP Response Splitting source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
Comersus Cart 5.0 - HTTP Response Splitting
source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which...
CVE-2004-0681
Multiple cross-site scripting XSS vulnerabilities in 1 comersuscustomerAuthenticateForm.asp, 2 comersusbackofficemessage.asp, 3 comersussupportError.asp, or 4 comersusmessage.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter...
CVE-2004-0682
comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...